From 1c43e5ea99ceeede27f78a827a2276f26c79fc96 Mon Sep 17 00:00:00 2001 From: Pedro Gonzalez Gomez Date: Thu, 4 Jan 2024 23:16:10 +0100 Subject: [PATCH] mgr/dashboard: set bucket policies conflict: /home/pegonzal/ceph/ceph/src/pybind/mgr/dashboard/frontend/src/app/shared/enum/icons.enum.ts - Adds support to set bucket policies through the Dashboard. - Rename rgw bucket policy from 'policy' to 'bucket policy' and tab 'Permissions' to 'Policies' - Fix: hide Tags when none are present on bucket list details and sets bucket form dirty after deleting a tag - Added service to manage the formatting of a textArea that works with json Signed-off-by: Pedro Gonzalez Gomez Fixes: https://tracker.ceph.com/issues/63942 (cherry picked from commit 2817d8e25d84bba47951bd68cb3e8651cdb51b56) --- src/pybind/mgr/dashboard/controllers/rgw.py | 16 +++++-- .../rgw-bucket-details.component.html | 8 ++-- .../rgw-bucket-details.component.ts | 2 +- .../rgw-bucket-form.component.html | 44 ++++++++++++++++++ .../rgw-bucket-form.component.ts | 46 +++++++++++++++++-- .../app/shared/api/rgw-bucket.service.spec.ts | 6 ++- .../src/app/shared/api/rgw-bucket.service.ts | 10 ++-- .../src/app/shared/forms/cd-validators.ts | 12 +++++ .../formly-textarea-type.component.ts | 16 +++---- .../text-area-json-formatter.service.spec.ts | 16 +++++++ .../text-area-json-formatter.service.ts | 21 +++++++++ src/pybind/mgr/dashboard/openapi.yaml | 4 ++ .../mgr/dashboard/services/rgw_client.py | 22 +++++++++ 13 files changed, 196 insertions(+), 27 deletions(-) create mode 100644 src/pybind/mgr/dashboard/frontend/src/app/shared/services/text-area-json-formatter.service.spec.ts create mode 100644 src/pybind/mgr/dashboard/frontend/src/app/shared/services/text-area-json-formatter.service.ts diff --git a/src/pybind/mgr/dashboard/controllers/rgw.py b/src/pybind/mgr/dashboard/controllers/rgw.py index f3653c5bd27b8..f8c37cede699c 100644 --- a/src/pybind/mgr/dashboard/controllers/rgw.py +++ b/src/pybind/mgr/dashboard/controllers/rgw.py @@ -290,6 +290,10 @@ class RgwBucket(RgwRESTController): rgw_client = RgwClient.admin_instance() return rgw_client.get_bucket_policy(bucket) + def _set_policy(self, bucket_name: str, policy: str, daemon_name, owner): + rgw_client = RgwClient.instance(owner, daemon_name) + return rgw_client.set_bucket_policy(bucket_name, policy) + def _set_tags(self, bucket_name, tags, daemon_name, owner): rgw_client = RgwClient.instance(owner, daemon_name) return rgw_client.set_tags(bucket_name, tags) @@ -346,7 +350,7 @@ class RgwBucket(RgwRESTController): result['encryption'] = encryption['Status'] result['versioning'] = versioning['Status'] result['mfa_delete'] = versioning['MfaDelete'] - result['policy'] = self._get_policy(bucket_name) + result['bucket_policy'] = self._get_policy(bucket_name) # Append the locking configuration. locking = self._get_locking(result['owner'], daemon_name, bucket_name) @@ -359,7 +363,8 @@ class RgwBucket(RgwRESTController): lock_enabled='false', lock_mode=None, lock_retention_period_days=None, lock_retention_period_years=None, encryption_state='false', - encryption_type=None, key_id=None, tags=None, daemon_name=None): + encryption_type=None, key_id=None, tags=None, + bucket_policy=None, daemon_name=None): lock_enabled = str_to_bool(lock_enabled) encryption_state = str_to_bool(encryption_state) try: @@ -378,6 +383,9 @@ class RgwBucket(RgwRESTController): if tags: self._set_tags(bucket, tags, daemon_name, uid) + if bucket_policy: + self._set_policy(bucket, bucket_policy, daemon_name, uid) + return result except RequestException as e: # pragma: no cover - handling is too obvious raise DashboardException(e, http_status_code=500, component='rgw') @@ -387,7 +395,7 @@ class RgwBucket(RgwRESTController): encryption_state='false', encryption_type=None, key_id=None, mfa_delete=None, mfa_token_serial=None, mfa_token_pin=None, lock_mode=None, lock_retention_period_days=None, - lock_retention_period_years=None, tags=None, daemon_name=None): + lock_retention_period_years=None, tags=None, bucket_policy=None, daemon_name=None): encryption_state = str_to_bool(encryption_state) # When linking a non-tenant-user owned bucket to a tenanted user, we # need to prefix bucket name with '/'. e.g. photos -> /photos @@ -429,6 +437,8 @@ class RgwBucket(RgwRESTController): self._delete_encryption(bucket_name, daemon_name, uid) if tags: self._set_tags(bucket_name, tags, daemon_name, uid) + if bucket_policy: + self._set_policy(bucket, bucket_policy, daemon_name, uid) return self._append_bid(result) def delete(self, bucket, purge_objects='true', daemon_name=None): diff --git a/src/pybind/mgr/dashboard/frontend/src/app/ceph/rgw/rgw-bucket-details/rgw-bucket-details.component.html b/src/pybind/mgr/dashboard/frontend/src/app/ceph/rgw/rgw-bucket-details/rgw-bucket-details.component.html index e96a89b234f9a..1732a7fb3b4bd 100644 --- a/src/pybind/mgr/dashboard/frontend/src/app/ceph/rgw/rgw-bucket-details/rgw-bucket-details.component.html +++ b/src/pybind/mgr/dashboard/frontend/src/app/ceph/rgw/rgw-bucket-details/rgw-bucket-details.component.html @@ -102,7 +102,7 @@ - + Tags @@ -120,15 +120,15 @@ Permissions + i18n>Policies
- + class="bold w-25">Bucket policy +
Policy
{{ selection.policy | json}}
{{ selection.bucket_policy | json}}
diff --git a/src/pybind/mgr/dashboard/frontend/src/app/ceph/rgw/rgw-bucket-details/rgw-bucket-details.component.ts b/src/pybind/mgr/dashboard/frontend/src/app/ceph/rgw/rgw-bucket-details/rgw-bucket-details.component.ts index 0ecbe0536dffe..d731a323818ee 100644 --- a/src/pybind/mgr/dashboard/frontend/src/app/ceph/rgw/rgw-bucket-details/rgw-bucket-details.component.ts +++ b/src/pybind/mgr/dashboard/frontend/src/app/ceph/rgw/rgw-bucket-details/rgw-bucket-details.component.ts @@ -18,7 +18,7 @@ export class RgwBucketDetailsComponent implements OnChanges { this.rgwBucketService.get(this.selection.bid).subscribe((bucket: object) => { bucket['lock_retention_period_days'] = this.rgwBucketService.getLockDays(bucket); this.selection = bucket; - this.selection.policy = JSON.parse(this.selection.policy) || {}; + this.selection.bucket_policy = JSON.parse(this.selection.bucket_policy) || {}; }); } } diff --git a/src/pybind/mgr/dashboard/frontend/src/app/ceph/rgw/rgw-bucket-form/rgw-bucket-form.component.html b/src/pybind/mgr/dashboard/frontend/src/app/ceph/rgw/rgw-bucket-form/rgw-bucket-form.component.html index a9704c0bdc89f..eef66a6da60b4 100644 --- a/src/pybind/mgr/dashboard/frontend/src/app/ceph/rgw/rgw-bucket-form/rgw-bucket-form.component.html +++ b/src/pybind/mgr/dashboard/frontend/src/app/ceph/rgw/rgw-bucket-form/rgw-bucket-form.component.html @@ -410,6 +410,50 @@ + + Policies + +
+
+
+ +
+ + Invalid json text +
+ + +
+
+
+
+
diff --git a/src/pybind/mgr/dashboard/frontend/src/app/ceph/rgw/rgw-bucket-form/rgw-bucket-form.component.ts b/src/pybind/mgr/dashboard/frontend/src/app/ceph/rgw/rgw-bucket-form/rgw-bucket-form.component.ts index 6b90b45e16a64..f7015f609f68b 100644 --- a/src/pybind/mgr/dashboard/frontend/src/app/ceph/rgw/rgw-bucket-form/rgw-bucket-form.component.ts +++ b/src/pybind/mgr/dashboard/frontend/src/app/ceph/rgw/rgw-bucket-form/rgw-bucket-form.component.ts @@ -1,4 +1,11 @@ -import { AfterViewChecked, ChangeDetectorRef, Component, OnInit } from '@angular/core'; +import { + AfterViewChecked, + ChangeDetectorRef, + Component, + OnInit, + ViewChild, + ElementRef +} from '@angular/core'; import { AbstractControl, Validators } from '@angular/forms'; import { ActivatedRoute, Router } from '@angular/router'; @@ -22,6 +29,7 @@ import { RgwBucketMfaDelete } from '../models/rgw-bucket-mfa-delete'; import { RgwBucketVersioning } from '../models/rgw-bucket-versioning'; import { RgwConfigModalComponent } from '../rgw-config-modal/rgw-config-modal.component'; import { BucketTagModalComponent } from '../bucket-tag-modal/bucket-tag-modal.component'; +import { TextAreaJsonFormatterService } from '~/app/shared/services/text-area-json-formatter.service'; @Component({ selector: 'cd-rgw-bucket-form', @@ -30,6 +38,9 @@ import { BucketTagModalComponent } from '../bucket-tag-modal/bucket-tag-modal.co providers: [RgwBucketEncryptionModel] }) export class RgwBucketFormComponent extends CdForm implements OnInit, AfterViewChecked { + @ViewChild('bucketPolicyTextArea') + public bucketPolicyTextArea: ElementRef; + bucketForm: CdFormGroup; editing = false; owners: string[] = null; @@ -70,6 +81,7 @@ export class RgwBucketFormComponent extends CdForm implements OnInit, AfterViewC private rgwUserService: RgwUserService, private notificationService: NotificationService, private rgwEncryptionModal: RgwBucketEncryptionModel, + private textAreaJsonFormatterService: TextAreaJsonFormatterService, public actionLabels: ActionLabelsI18n, private readonly changeDetectorRef: ChangeDetectorRef ) { @@ -82,6 +94,7 @@ export class RgwBucketFormComponent extends CdForm implements OnInit, AfterViewC ngAfterViewChecked(): void { this.changeDetectorRef.detectChanges(); + this.bucketPolicyOnChange(); } createForm() { @@ -129,7 +142,8 @@ export class RgwBucketFormComponent extends CdForm implements OnInit, AfterViewC ] ], lock_mode: ['COMPLIANCE'], - lock_retention_period_days: [0, [CdValidators.number(false), lockDaysValidator]] + lock_retention_period_days: [0, [CdValidators.number(false), lockDaysValidator]], + bucket_policy: ['{}', CdValidators.json()] }); } @@ -217,6 +231,11 @@ export class RgwBucketFormComponent extends CdForm implements OnInit, AfterViewC if (value['lock_enabled']) { this.bucketForm.controls['versioning'].disable(); } + if (value['bucket_policy']) { + this.bucketForm + .get('bucket_policy') + .setValue(JSON.stringify(value['bucket_policy'], null, 2)); + } } } this.loadingReady(); @@ -240,6 +259,7 @@ export class RgwBucketFormComponent extends CdForm implements OnInit, AfterViewC } const values = this.bucketForm.value; const xmlStrTags = this.tagsToXML(this.tags); + const bucketPolicy = this.getBucketPolicy(); if (this.editing) { // Edit const versioning = this.getVersioningStatus(); @@ -258,7 +278,8 @@ export class RgwBucketFormComponent extends CdForm implements OnInit, AfterViewC values['mfa-token-pin'], values['lock_mode'], values['lock_retention_period_days'], - xmlStrTags + xmlStrTags, + bucketPolicy ) .subscribe( () => { @@ -287,7 +308,8 @@ export class RgwBucketFormComponent extends CdForm implements OnInit, AfterViewC values['encryption_enabled'], values['encryption_type'], values['keyId'], - xmlStrTags + xmlStrTags, + bucketPolicy ) .subscribe( () => { @@ -337,6 +359,10 @@ export class RgwBucketFormComponent extends CdForm implements OnInit, AfterViewC return this.isMfaDeleteEnabled ? RgwBucketMfaDelete.ENABLED : RgwBucketMfaDelete.DISABLED; } + getBucketPolicy() { + return this.bucketForm.getValue('bucket_policy') || '{}'; + } + fileUpload(files: FileList, controlName: string) { const file: File = files[0]; const reader = new FileReader(); @@ -349,6 +375,16 @@ export class RgwBucketFormComponent extends CdForm implements OnInit, AfterViewC }); } + bucketPolicyOnChange() { + if (this.bucketPolicyTextArea) { + this.textAreaJsonFormatterService.format(this.bucketPolicyTextArea); + } + } + + openUrl(url: string) { + window.open(url, '_blank'); + } + openConfigModal() { const modalRef = this.modalService.show(RgwConfigModalComponent, null, { size: 'lg' }); modalRef.componentInstance.configForm @@ -374,6 +410,8 @@ export class RgwBucketFormComponent extends CdForm implements OnInit, AfterViewC deleteTag(index: number) { this.tags.splice(index, 1); + this.bucketForm.markAsDirty(); + this.bucketForm.updateValueAndValidity(); } private setTag(tag: Record, index?: number) { diff --git a/src/pybind/mgr/dashboard/frontend/src/app/shared/api/rgw-bucket.service.spec.ts b/src/pybind/mgr/dashboard/frontend/src/app/shared/api/rgw-bucket.service.spec.ts index 15821c3b6265b..e1002373806c1 100644 --- a/src/pybind/mgr/dashboard/frontend/src/app/shared/api/rgw-bucket.service.spec.ts +++ b/src/pybind/mgr/dashboard/frontend/src/app/shared/api/rgw-bucket.service.spec.ts @@ -60,11 +60,12 @@ describe('RgwBucketService', () => { true, 'aws:kms', 'qwerty1', + null, null ) .subscribe(); const req = httpTesting.expectOne( - `api/rgw/bucket?bucket=foo&uid=bar&zonegroup=default&placement_target=default-placement&lock_enabled=false&lock_mode=COMPLIANCE&lock_retention_period_days=5&encryption_state=true&encryption_type=aws%253Akms&key_id=qwerty1&tags=null&${RgwHelper.DAEMON_QUERY_PARAM}` + `api/rgw/bucket?bucket=foo&uid=bar&zonegroup=default&placement_target=default-placement&lock_enabled=false&lock_mode=COMPLIANCE&lock_retention_period_days=5&encryption_state=true&encryption_type=aws%253Akms&key_id=qwerty1&tags=null&bucket_policy=null&${RgwHelper.DAEMON_QUERY_PARAM}` ); expect(req.request.method).toBe('POST'); }); @@ -84,11 +85,12 @@ describe('RgwBucketService', () => { '223344', 'GOVERNANCE', '10', + null, null ) .subscribe(); const req = httpTesting.expectOne( - `api/rgw/bucket/foo?${RgwHelper.DAEMON_QUERY_PARAM}&bucket_id=bar&uid=baz&versioning_state=Enabled&encryption_state=true&encryption_type=aws%253Akms&key_id=qwerty1&mfa_delete=Enabled&mfa_token_serial=1&mfa_token_pin=223344&lock_mode=GOVERNANCE&lock_retention_period_days=10&tags=null` + `api/rgw/bucket/foo?${RgwHelper.DAEMON_QUERY_PARAM}&bucket_id=bar&uid=baz&versioning_state=Enabled&encryption_state=true&encryption_type=aws%253Akms&key_id=qwerty1&mfa_delete=Enabled&mfa_token_serial=1&mfa_token_pin=223344&lock_mode=GOVERNANCE&lock_retention_period_days=10&tags=null&bucket_policy=null` ); expect(req.request.method).toBe('PUT'); }); diff --git a/src/pybind/mgr/dashboard/frontend/src/app/shared/api/rgw-bucket.service.ts b/src/pybind/mgr/dashboard/frontend/src/app/shared/api/rgw-bucket.service.ts index 87561d92d8996..a43b2616f9334 100644 --- a/src/pybind/mgr/dashboard/frontend/src/app/shared/api/rgw-bucket.service.ts +++ b/src/pybind/mgr/dashboard/frontend/src/app/shared/api/rgw-bucket.service.ts @@ -60,7 +60,8 @@ export class RgwBucketService extends ApiClient { encryption_state: boolean, encryption_type: string, key_id: string, - tags: string + tags: string, + bucketPolicy: string ) { return this.rgwDaemonService.request((params: HttpParams) => { return this.http.post(this.url, null, { @@ -77,6 +78,7 @@ export class RgwBucketService extends ApiClient { encryption_type, key_id, tags: tags, + bucket_policy: bucketPolicy, daemon_name: params.get('daemon_name') } }) @@ -97,7 +99,8 @@ export class RgwBucketService extends ApiClient { mfaTokenPin: string, lockMode: 'GOVERNANCE' | 'COMPLIANCE', lockRetentionPeriodDays: string, - tags: string + tags: string, + bucketPolicy: string ) { return this.rgwDaemonService.request((params: HttpParams) => { params = params.appendAll({ @@ -112,7 +115,8 @@ export class RgwBucketService extends ApiClient { mfa_token_pin: mfaTokenPin, lock_mode: lockMode, lock_retention_period_days: lockRetentionPeriodDays, - tags: tags + tags: tags, + bucket_policy: bucketPolicy }); return this.http.put(`${this.url}/${bucket}`, null, { params: params }); }); diff --git a/src/pybind/mgr/dashboard/frontend/src/app/shared/forms/cd-validators.ts b/src/pybind/mgr/dashboard/frontend/src/app/shared/forms/cd-validators.ts index 602a11e7343cd..78171f650f5f2 100644 --- a/src/pybind/mgr/dashboard/frontend/src/app/shared/forms/cd-validators.ts +++ b/src/pybind/mgr/dashboard/frontend/src/app/shared/forms/cd-validators.ts @@ -610,4 +610,16 @@ export class CdValidators { ); }; } + + static json(): ValidatorFn { + return (control: AbstractControl): Record | null => { + if (!control.value) return null; + try { + JSON.parse(control.value); + return null; + } catch (e) { + return { invalidJson: true }; + } + }; + } } diff --git a/src/pybind/mgr/dashboard/frontend/src/app/shared/forms/crud-form/formly-textarea-type/formly-textarea-type.component.ts b/src/pybind/mgr/dashboard/frontend/src/app/shared/forms/crud-form/formly-textarea-type/formly-textarea-type.component.ts index a3139f0e26494..654220596ad82 100644 --- a/src/pybind/mgr/dashboard/frontend/src/app/shared/forms/crud-form/formly-textarea-type/formly-textarea-type.component.ts +++ b/src/pybind/mgr/dashboard/frontend/src/app/shared/forms/crud-form/formly-textarea-type/formly-textarea-type.component.ts @@ -1,5 +1,6 @@ import { Component, ViewChild, ElementRef } from '@angular/core'; import { FieldType, FieldTypeConfig } from '@ngx-formly/core'; +import { TextAreaJsonFormatterService } from '~/app/shared/services/text-area-json-formatter.service'; @Component({ selector: 'cd-formly-textarea-type', @@ -10,16 +11,11 @@ export class FormlyTextareaTypeComponent extends FieldType { @ViewChild('textArea') public textArea: ElementRef; + constructor(private textAreaJsonFormatterService: TextAreaJsonFormatterService) { + super(); + } + onChange() { - const value = this.textArea.nativeElement.value; - try { - const formatted = JSON.stringify(JSON.parse(value), null, 2); - this.textArea.nativeElement.value = formatted; - this.textArea.nativeElement.style.height = 'auto'; - const lineNumber = formatted.split('\n').length; - const pixelPerLine = 25; - const pixels = lineNumber * pixelPerLine; - this.textArea.nativeElement.style.height = pixels + 'px'; - } catch (e) {} + this.textAreaJsonFormatterService.format(this.textArea); } } diff --git a/src/pybind/mgr/dashboard/frontend/src/app/shared/services/text-area-json-formatter.service.spec.ts b/src/pybind/mgr/dashboard/frontend/src/app/shared/services/text-area-json-formatter.service.spec.ts new file mode 100644 index 0000000000000..fc428f9841a1b --- /dev/null +++ b/src/pybind/mgr/dashboard/frontend/src/app/shared/services/text-area-json-formatter.service.spec.ts @@ -0,0 +1,16 @@ +import { TestBed } from '@angular/core/testing'; + +import { TextAreaJsonFormatterService } from './text-area-json-formatter.service'; + +describe('TextAreaJsonFormatterService', () => { + let service: TextAreaJsonFormatterService; + + beforeEach(() => { + TestBed.configureTestingModule({}); + service = TestBed.inject(TextAreaJsonFormatterService); + }); + + it('should be created', () => { + expect(service).toBeTruthy(); + }); +}); diff --git a/src/pybind/mgr/dashboard/frontend/src/app/shared/services/text-area-json-formatter.service.ts b/src/pybind/mgr/dashboard/frontend/src/app/shared/services/text-area-json-formatter.service.ts new file mode 100644 index 0000000000000..0e696022affdb --- /dev/null +++ b/src/pybind/mgr/dashboard/frontend/src/app/shared/services/text-area-json-formatter.service.ts @@ -0,0 +1,21 @@ +import { ElementRef, Injectable } from '@angular/core'; + +@Injectable({ + providedIn: 'root' +}) +export class TextAreaJsonFormatterService { + constructor() {} + + format(textArea: ElementRef): void { + const value = textArea.nativeElement.value; + try { + const formatted = JSON.stringify(JSON.parse(value), null, 2); + textArea.nativeElement.value = formatted; + textArea.nativeElement.style.height = 'auto'; + const lineNumber = formatted.split('\n').length; + const pixelPerLine = 20; + const pixels = lineNumber * pixelPerLine; + textArea.nativeElement.style.height = pixels + 'px'; + } catch (e) {} + } +} diff --git a/src/pybind/mgr/dashboard/openapi.yaml b/src/pybind/mgr/dashboard/openapi.yaml index 602ee67ee2665..681d5e54cb9c3 100644 --- a/src/pybind/mgr/dashboard/openapi.yaml +++ b/src/pybind/mgr/dashboard/openapi.yaml @@ -9355,6 +9355,8 @@ paths: properties: bucket: type: string + bucket_policy: + type: string daemon_name: type: string encryption_state: @@ -9668,6 +9670,8 @@ paths: properties: bucket_id: type: string + bucket_policy: + type: string daemon_name: type: string encryption_state: diff --git a/src/pybind/mgr/dashboard/services/rgw_client.py b/src/pybind/mgr/dashboard/services/rgw_client.py index a258d99201204..f90045b033f54 100644 --- a/src/pybind/mgr/dashboard/services/rgw_client.py +++ b/src/pybind/mgr/dashboard/services/rgw_client.py @@ -889,6 +889,28 @@ class RgwClient(RestClient): return None raise e + @RestClient.api_put('/{bucket_name}?policy') + def set_bucket_policy(self, bucket_name: str, policy: str, request=None): + """ + Sets the bucket policy for a bucket. + :param bucket_name: The name of the bucket. + :type bucket_name: str + :param policy: The bucket policy. + :type policy: JSON Structured Document + :return: The bucket policy. + :rtype: Dict + """ + # pylint: disable=unused-argument + try: + request = request(data=policy) + except RequestException as e: + if e.content: + content = json_str_to_object(e.content) + if content.get("Code") == "InvalidArgument": + msg = "Invalid JSON document" + raise DashboardException(msg=msg, component='rgw') + raise DashboardException(e) + def perform_validations(self, retention_period_days, retention_period_years, mode): try: retention_period_days = int(retention_period_days) if retention_period_days else 0 -- 2.39.5